
verify assumeutxo hashes #178 (Draft)

l0rinc wants to merge 4 commits into master from l0rinc/verify-assumeutxo-hashes


Conversation

@l0rinc (Owner) commented May 22, 2026

No description provided.

l0rinc added 4 commits May 22, 2026 18:31
Snapshot loading and background snapshot validation only need the serialized AssumeUTXO hash after computing HASH_SERIALIZED UTXO stats.
Keeping CCoinsStats around at both call sites repeats the AssumeutxoHash conversion at each use.

Store the computed AssumeutxoHash directly while preserving the existing ComputeUTXOStats calls and failure handling.
This is a behavior-preserving preparation for sharing the hash computation path.

Snapshot loading and background snapshot validation now store only the AssumeutxoHash they need, but both still spell out the same HASH_SERIALIZED ComputeUTXOStats call with the same interrupt breakpoint.
That duplication makes another caller more likely to drift from the existing snapshot checks.

Extract a small helper returning AssumeutxoHash and use it from the existing snapshot-load and background-validation paths.
This keeps behavior unchanged while making later validation code reuse the same hashing primitive.

The IBD cross-check should be a no-op on all ordinary block connections before any configured AssumeUTXO height.
A duplicate minimum-height constant could drift from the commitments in m_assumeutxo_data.

Use the existing table as the single source of truth for the first configured height.
Add a unit test that hard-codes the current first snapshot height for each chain and separately covers the empty-table case that makes the return value optional.

AssumeUTXO already hard-codes checkpoint-like commitments in chainparams: snapshot height, base block hash, serialized UTXO hash, and chain transaction count.
Currently those commitments are enforced when a user loads a snapshot, and background validation later checks the snapshot target, but ordinary IBD, reindex, and reindex-chainstate do not cross-check the live validated chainstate against the same values.

At configured AssumeUTXO heights, after connecting the block, do a stateless check of the connected block metadata and current hash_serialized_3 UTXO hash.
The ordinary path stays cheap: before the first configured height it only checks the minimum-height gate, and at other heights it only does the exact-height lookup.
Mismatches are logged with LogError and validation continues, so this audits the existing commitments without turning them into consensus checkpoints.
Successful verification logs at validation debug level, and an interrupt during hashing logs at debug level instead of looking like a verification failure.
Custom signet chains currently reuse the default signet AssumeUTXO entries, so they can log mismatches at the default signet heights; document that caveat here instead of moving signet chainparams in this change.
Having normal full validation cross-check the baked-in hashes makes the commitments less one-sided and can help evaluate whether AssumeUTXO background revalidation can be removed later.
The unit test mines the deterministic regtest chain through the first configured AssumeUTXO height, where the hash matches, then through the next configured height, where the metadata mismatch is logged with its expected commitment pair, and then mines 10 more blocks to prove validation continues.
refs bitcoin#32377
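The following is an added example, not code from this PR or from Bitcoin Core. It models the logic the third and fourth commit messages describe: the first configured height is read from the commitment table (optional because the table may be empty), the per-block check is a cheap minimum-height gate plus an exact-height lookup, and at a configured height the connected block's metadata and a UTXO hash are compared with the commitment, with mismatches logged and validation continuing. All type and function names (AssumeutxoCommitment, ConnectedBlock, ToyUtxoHash, CrossCheckAssumeutxo, RunSampleChain) are hypothetical stand-ins, the FNV-1a "UTXO hash" replaces hash_serialized_3 only so the example runs offline, the order "metadata before hash" is an assumption, and the sample chain and table values are constructed.

```cpp
#include <cstdint>
#include <cstdio>
#include <map>
#include <optional>
#include <string>
#include <vector>

// Hypothetical stand-in for one chainparams AssumeUTXO commitment. The real
// table is m_assumeutxo_data; hashes are plain strings here instead of uint256.
struct AssumeutxoCommitment {
    std::string block_hash;       // base block hash at the snapshot height
    std::string hash_serialized;  // serialized UTXO hash at that height
    uint64_t chain_tx_count;      // cumulative transaction count at that height
};
using AssumeutxoTable = std::map<int, AssumeutxoCommitment>;  // keyed by height

// Metadata of the block that was just connected (hypothetical shape).
struct ConnectedBlock {
    int height;
    std::string hash;
    uint64_t chain_tx_count;
};

// First configured snapshot height, read from the table itself rather than a
// duplicated constant. An empty table yields no height, hence the optional.
std::optional<int> FirstAssumeutxoHeight(const AssumeutxoTable& table)
{
    if (table.empty()) return std::nullopt;
    return table.begin()->first;
}

// Toy stand-in for the HASH_SERIALIZED UTXO statistic: FNV-1a over the
// outpoint strings. nullopt models an interrupt during ComputeUTXOStats.
std::optional<std::string> ToyUtxoHash(const std::vector<std::string>& utxos, bool interrupted)
{
    if (interrupted) return std::nullopt;
    uint64_t h = 1469598103934665603ull;
    for (const auto& u : utxos) {
        for (unsigned char c : u) { h ^= c; h *= 1099511628211ull; }
    }
    char buf[17];
    std::snprintf(buf, sizeof buf, "%016llx", static_cast<unsigned long long>(h));
    return std::string(buf);
}

enum class CrossCheck { NotConfigured, Match, Mismatch, Interrupted };

// Audit a freshly connected block against the commitment table. This never
// rejects the block: mismatches are logged and reported, and the caller keeps
// validating, so the commitments stay an audit rather than a checkpoint.
CrossCheck CrossCheckAssumeutxo(const AssumeutxoTable& table, const ConnectedBlock& block,
                                const std::vector<std::string>& utxos, bool interrupted,
                                std::vector<std::string>& log)
{
    // Cheap gate: nothing to do before the first configured height.
    const std::optional<int> first = FirstAssumeutxoHeight(table);
    if (!first || block.height < *first) return CrossCheck::NotConfigured;
    // Exact-height lookup only; every other height stays a no-op.
    const auto it = table.find(block.height);
    if (it == table.end()) return CrossCheck::NotConfigured;
    const AssumeutxoCommitment& expected = it->second;
    const std::string at = " at height " + std::to_string(block.height);

    // Stateless metadata check before the expensive hash (ordering is an assumption).
    if (block.hash != expected.block_hash || block.chain_tx_count != expected.chain_tx_count) {
        log.push_back("error: assumeutxo metadata mismatch" + at + ": expected " + expected.block_hash +
                      "/" + std::to_string(expected.chain_tx_count) + ", got " + block.hash + "/" +
                      std::to_string(block.chain_tx_count));
        return CrossCheck::Mismatch;
    }
    const std::optional<std::string> actual = ToyUtxoHash(utxos, interrupted);
    if (!actual) {  // an interrupt is not a verification failure: debug level only
        log.push_back("debug: assumeutxo hash computation interrupted" + at);
        return CrossCheck::Interrupted;
    }
    if (*actual != expected.hash_serialized) {
        log.push_back("error: assumeutxo hash_serialized mismatch" + at + ": expected " +
                      expected.hash_serialized + ", got " + *actual);
        return CrossCheck::Mismatch;
    }
    log.push_back("debug: assumeutxo commitment verified" + at);
    return CrossCheck::Match;
}

// Constructed scenario mirroring the unit test the commit message describes:
// a 210-block chain whose first configured height (100) matches, whose second
// configured height (200) carries a deliberately wrong chain_tx_count, and
// which keeps connecting blocks after the logged mismatch.
struct SampleResult {
    std::vector<CrossCheck> results;  // one entry per connected block
    std::vector<std::string> log;
};

SampleResult RunSampleChain()
{
    const std::vector<std::string> utxos{"aa:0", "bb:1", "cc:0"};  // constructed UTXO set
    AssumeutxoTable table;
    table[100] = AssumeutxoCommitment{"block100", *ToyUtxoHash(utxos, false), 150};
    table[200] = AssumeutxoCommitment{"block200", *ToyUtxoHash(utxos, false), 300};  // chain has 250 here
    SampleResult r;
    for (int h = 1; h <= 210; ++h) {
        const ConnectedBlock block{h, "block" + std::to_string(h), static_cast<uint64_t>(h) + 50};
        r.results.push_back(CrossCheckAssumeutxo(table, block, utxos, false, r.log));
    }
    return r;
}
```

Running `RunSampleChain()` yields NotConfigured for every height except 100 (Match) and 200 (Mismatch), and a two-line log: the debug line for the verified commitment at 100 and the error line naming the expected and actual commitment pair at 200. The point of returning a result instead of failing is the same as in the commit message: the audit runs on ordinary IBD and reindex paths without turning the baked-in values into consensus checkpoints.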